Amazon Linux 2 : libpng, --advisory ALAS2-2026-3189 (ALAS-2026-3189)

The version of libpng installed on the remote host is prior to 1.5.13-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3189 advisory. libpng: An out-of-bounds read vulnerability exists in the pngsetquantize API function. When the function is called with no histogra...

Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3177 (ALAS-2026-3177)

The version of thunderbird installed on the remote host is prior to 140.7.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3177 advisory. time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type...

Amazon Linux 2 : qemu, --advisory ALAS2-2026-3182 (ALAS-2026-3182)

The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3182 advisory. A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a...

Amazon Linux 2023 : cuda (ALAS2023NVIDIA-2026-277)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2026-277 advisory. NVIDIA Nsight Systems contains a vulnerability in the gfxhotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the processnsysrepcli.py script if...

Amazon Linux 2023 : libssh, libssh-config, libssh-devel (ALAS2023-2026-1461)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1461 advisory. libssh: Buffer underflow in sshgethexa on invalid input CVE-2026-0966 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not...

Amazon Linux 2 : rust, --advisory ALAS2-2026-3188 (ALAS-2026-3188)

The version of rust installed on the remote host is prior to 1.92.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3188 advisory. No CVE was issued for this update. Tenable has extracted the preceding description block directly from the tested product security...

Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2026-1446)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1446 advisory. A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user...

Amazon Linux 2 : qt5-qt3d, --advisory ALAS2-2026-3187 (ALAS-2026-3187)

The version of qt5-qt3d installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3187 advisory. A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the functi...

Amazon Linux 2 : gimp, --advisory ALAS2GIMP-2026-011 (ALASGIMP-2026-011)

The version of gimp installed on the remote host is prior to 2.8.22-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2GIMP-2026-011 advisory. GIMP: PSD loader: heap-buffer-overflow in freadpascalstring no null terminator CVE-2026-2239 An integer overflow...

Amazon Linux 2023 : nodejs24, nodejs24-devel, nodejs24-full-i18n (ALAS2023-2026-1466)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1466 advisory. node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. Th...

Amazon Linux 2 : runc, --advisory ALAS2ECS-2026-099 (ALASECS-2026-099)

The version of runc installed on the remote host is prior to 1.3.4-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-099 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP...

Amazon Linux 2023 : postgresql16, postgresql16-contrib, postgresql16-llvmjit (ALAS2023-2026-1458)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1458 advisory. Improper validation of type oidvector in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of...

Amazon Linux 2 : containerd, --advisory ALAS2ECS-2026-098 (ALASECS-2026-098)

The version of containerd installed on the remote host is prior to 2.1.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-098 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary...

Amazon Linux 2023 : freerdp, freerdp-devel, freerdp-libs (ALAS2023-2026-1454)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1454 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP...

Amazon Linux 2023 : postgresql15, postgresql15-contrib, postgresql15-llvmjit (ALAS2023-2026-1456)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1456 advisory. Improper validation of type oidvector in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of...

Amazon Linux 2023 : firefox (ALAS2023-2026-1469)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1469 advisory. A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This can be done by causing the decoder to reference an outside-image-bound area...

Amazon Linux 2 : python-pillow, --advisory ALAS2-2026-3180 (ALAS-2026-3180)

The version of python-pillow installed on the remote host is prior to 2.0.0-23.gitd1c6db8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3180 advisory. Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when...

Amazon Linux 2023 : evolution-data-server, evolution-data-server-devel, evolution-data-server-langpacks (ALAS2023-2026-1451)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1451 advisory. The Evolution backend server exposes the D-Bus service org.gnome.evolution.dataserver.AddressBook, that can be used in order to manage contacts. A Flatpak application with access to this D-Bus service...

Amazon Linux 2 : aide, --advisory ALAS2-2026-3186 (ALAS-2026-3186)

The version of aide installed on the remote host is prior to 0.16.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3186 advisory. AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability ...

Amazon Linux 2023 : wireshark-cli, wireshark-devel (ALAS2023-2026-1450)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1450 advisory. MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service CVE-2025-11626 Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial...